AIX doesn't have a pam.conf. It uses LAM. Change "obey pam restrictions = yes" to "obey pam restrictions = no".

William Jojo wrote:
> Arendt, Volker wrote:
>> Hello all,
>>
>> we currently do have a problem with samba 3.3.4 on AIX 5.3.
>> We have set up the samba system to integrate in our AD Domain.
>> Integration was successful (net ads join), wbinfo executes with
>> parameters -ugt without any problems. Our smb.conf content follows
>> at the end of this mail.
>>
>> We have defined just one share as follows:
>> [smbtest]
>> writeable = yes
>> path = /gpfs/fbb/ls/cip
>> valid users =
>> When we connect from a Windows XP System we get the following error
>> message:
>> ---
>> C:\Programme\Support Tools>net use p: \\frigg\smbtest
>> Systemfehler 2239 aufgetreten.
>>
>> Dieses Benutzerkonto ist abgelaufen.
>> ---
>> translated: user account has expired
>>
>> In the system log file we get:
>> ---------------------------------------------------------------------------------
>> [2009/06/09 17:21:16, 10] smbd/sesssetup.c:reply_spnego_kerberos(402)
>>   Mapped to [FB6] (using PAC)
>> [2009/06/09 17:21:16, 5] lib/username.c:Get_Pwnam_alloc(133)
>>   Finding user FB6+AdmMJ
>> [2009/06/09 17:21:16, 5] lib/username.c:Get_Pwnam_internals(77)
>>   Trying _Get_Pwnam(), username as lowercase is fb6+admmj
>> [2009/06/09 17:21:16, 5] lib/username.c:Get_Pwnam_internals(110)
>>   Get_Pwnam_internals did find user [FB6+AdmMJ]!
>> [2009/06/09 17:21:16, 4] auth/pampass.c:smb_pam_start(472)
>>   smb_pam_start: PAM: Init user: admmj
>> [2009/06/09 17:21:16, 4] auth/pampass.c:smb_pam_start(489)
>>   smb_pam_start: PAM: setting rhost to: 132.195.123.104
>> [2009/06/09 17:21:16, 4] auth/pampass.c:smb_pam_start(498)
>>   smb_pam_start: PAM: setting tty
>> [2009/06/09 17:21:16, 4] auth/pampass.c:smb_pam_start(506)
>>   smb_pam_start: PAM: Init passed for user: admmj
>> [2009/06/09 17:21:16, 4] auth/pampass.c:smb_pam_account(564)
>>   smb_pam_account: PAM: Account Management for User: admmj
>> [2009/06/09 17:21:16, 2] auth/pampass.c:smb_pam_account(571)
>>   smb_pam_account: PAM: User admmj no longer permitted to access system
>> [2009/06/09 17:21:16, 2] auth/pampass.c:smb_pam_error_handler(77)
>>   smb_pam_error_handler: PAM: Account Check Failed : User account has expired
>> [2009/06/09 17:21:16, 0] auth/pampass.c:smb_pam_accountcheck(794)
>>   smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User admmj!
>> [2009/06/09 17:21:16, 4] auth/pampass.c:smb_pam_end(450)
>>   smb_pam_end: PAM: PAM_END OK.
>> ---------------------------------------------------------------------------------
>>
>
> Hey, Volker. It's been awhile. Couple of questions:
>
> 1) What does /etc/pam.conf look like and
>
> 2) What does /opt/pware/lib/fbb-projekte.conf look like?
>
>
> Glad to see you are still using the pWare stuff. :-) :-) How is your
> cluster testing going? I need to contact Miguel again to see how he is
> making out.
>
> Cheers,
> Bill
>
>> An error log, debug level 10 is available on request.
>>
>> Kind regards
>>
>> Volker
>>
>>
>> SMB.CONF
>> ------------------------------------------------------------------------------
>> [global]
>>
>> # --------------------------------------------------------
>> # setting base configuration parameters
>> #
>> # --------------------------------------------------------
>> workgroup = FB6
>> netbios name = FRIGG
>> server string = AFS-2
>> security = ADS
>> realm = FB6.UNI-WUPPERTAL.DE
>> auth methods = winbind
>> # password server = AD logon server
>> password server = 132.195.120.9 132.195.120.12
>> wins server = 132.195.120.12
>> client use spnego = yes
>> client signing = yes
>> # added because of ticket #5344
>> #client lanman auth = no
>> #client ntlmv2 auth = yes
>> encrypt passwords = yes
>> host msdfs = no
>> #domain logons = yes
>>
>> # for Samba 3.3.0
>> # so that no encrypted connection to the domain controller
>> # is established
>> ldap ssl = no
>>
>> # ---------------------------------------------------------
>> # printer settings
>> # ??? better disable these settings ???
>> # ---------------------------------------------------------
>> # printcap name = cups
>> # disable spoolss = Yes
>> # show add printer wizard = No
>>
>> # ---------------------------------------------------------
>> # ID mapping parameters
>> # mapping windows users to unix users
>> # this is performed on the basis of sid on windows and
>> # unix with uid for users and gid for groups
>> # the backend parameter rid allows to get the same mapping
>> # from sid to uid because it is determined algorithmically
>> # that way we get the same mapping even if we use samba on
>> # several disparate systems
>> # CHANGE NOTIFICATION: with v3.3.0 there are changes
>> # to idmap; idmap domains is no longer supported
>> # ---------------------------------------------------------
>> #idmap domains = FB6
>> #idmap backend = rid
>> idmap backend = tdb
>> idmap config FB6:backend = rid
>> #idmap config FB6:base_rid = 0
>> idmap config FB6:range = 10000 - 49999
>> idmap uid = 10000-49999
>> idmap gid = 10000-49999
>>
>> winbind separator =+
>> winbind use default domain = Yes
>> winbind enum users = no
>> winbind enum groups = no
>> winbind cache time = 60
>> winbind gid = 10000-49999
>> winbind uid = 10000-49999
>>
>> template homedir = /gpfs/fbb/user/%U
>> template shell = /opt/pware/bin/bash
>> #use sendfile = Yes
>> #printing = cups
>> #ldap suffix = "dc=FB6, dc=UNI-WUPPERTAL, dc=DE"
>>
>> #-------------------------------------------------------
>> # Logging options
>> #
>> #-------------------------------------------------------
>> #
>> # higher log levels have a negative impact on performance
>> log level = 10
>> log file = /opt/pware/var/log/samba.log.%m
>> max log size = 5000000
>> debug timestamp = yes
>> obey pam restrictions = yes
>> #utmp = yes
>>
>> #-------------------------------------------------------
>> # ACL Support
>> #
>> #-------------------------------------------------------
>> map acl inherit = yes
>> nt acl support = yes
>> inherit acls = yes
>> inherit permissions = yes
>> inherit owner = yes
>> admin users = @"FB6+domain admins"
>>
>> #-------------------------------------------------------
>> # Performance options
>> #
>> #-------------------------------------------------------
>> socket options = TCP_NODELAY IPTOS_LOWDELAY
>> include = /opt/pware/lib/fbb-projekte.conf
>>
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
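
Added example, not part of the original thread: the quoted log shows Kerberos session setup mapping the user and the PAM account stage (which "obey pam restrictions = yes" makes smbd consult) then refusing the session. The Python sketch below parses smbd log entries in that format and reports such rejections with PAM's stated reason; the function names are hypothetical and the sample input is taken from the log lines quoted above, with mail wrapping joined.

```python
import re

# smbd log entry header: [date time, level] source.c:function(line)
HEADER = re.compile(r"^\[([\d/]+ [\d:]+),\s*(\d+)\]\s+(\S+):(\w+)\((\d+)\)$")
REJECT = re.compile(r"Account Validation Failed - Rejecting User (\S+?)!")

# Sample taken from the log lines quoted in the thread (mail wrapping joined).
SAMPLE_LOG = """\
[2009/06/09 17:21:16, 10] smbd/sesssetup.c:reply_spnego_kerberos(402)
  Mapped to [FB6] (using PAC)
[2009/06/09 17:21:16, 4] auth/pampass.c:smb_pam_account(564)
  smb_pam_account: PAM: Account Management for User: admmj
[2009/06/09 17:21:16, 2] auth/pampass.c:smb_pam_error_handler(77)
  smb_pam_error_handler: PAM: Account Check Failed : User account has expired
[2009/06/09 17:21:16, 0] auth/pampass.c:smb_pam_accountcheck(794)
  smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User admmj!
"""

def parse_entries(text):
    """Group log text into entries: a header line plus its message lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            ts, level, src, func, _ = m.groups()
            entries.append({"ts": ts, "level": int(level), "src": src,
                            "func": func, "msg": ""})
        elif line and entries:
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + line).strip()
    return entries

def pam_rejections(entries):
    """Report sessions refused by the PAM account stage, with PAM's reason."""
    findings, reason, kerberos_ok = [], None, False
    for e in entries:
        if e["func"] == "reply_spnego_kerberos" and e["msg"].startswith("Mapped to"):
            kerberos_ok = True      # Kerberos session setup already mapped the user
        elif e["func"] == "smb_pam_error_handler":
            reason = e["msg"].split("PAM: ", 1)[-1]
        elif e["func"] == "smb_pam_accountcheck":
            m = REJECT.search(e["msg"])
            if m:
                findings.append({"ts": e["ts"], "user": m.group(1),
                                 "reason": reason, "kerberos_mapped": kerberos_ok})
                reason, kerberos_ok = None, False
    return findings

if __name__ == "__main__":
    for f in pam_rejections(parse_entries(SAMPLE_LOG)):
        print(f)
```

A finding with kerberos_mapped set to True means the rejection came from PAM account management rather than from the AD authentication itself.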